Azure B2C Rest API 创建帐户时仍然出错

Azure B2C Rest API Error Still Creating Account

我已经为 Azure B2C 创建了一个 REST API 来 return 帐户创建流程中的索赔或错误。

在我的自定义策略中,我连接了 API 并且它被调用了。

但是,如果 API return 是 400 或 409,帐户仍会创建,但会在创建页面上向用户显示错误消息。尽管出现错误,用户的帐户仍会创建。

用户随后修复错误并再次点击创建,但无法创建帐户,因为它已经创建。

我已按照此处的说明进行操作:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-rest-api-claims-validation

我的索赔提供者看起来像这样,来自 REST API 的索赔被称为 VerifiedDateOfBirth:

<ClaimsProvider>
            <DisplayName>REST API</DisplayName>
            <TechnicalProfiles>
                <TechnicalProfile Id="REST-Validation">
                    <DisplayName>Check date of birth</DisplayName>
                    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
                    <Metadata>
                        <!-- Set the ServiceUrl with your own REST API endpoint -->
                        <Item Key="ServiceUrl">{REST URL}}</Item>
                        <Item Key="SendClaimsIn">Body</Item>
                        <!-- Set AuthenticationType to Basic or ClientCertificate in production environments -->
                        <Item Key="AuthenticationType">None</Item>
                        <!-- REMOVE the following line in production environments -->
                        <Item Key="AllowInsecureAuthInProduction">true</Item>
                    </Metadata>
                    <InputClaims>
                        <!-- Claims sent to your REST API -->
                        <InputClaim ClaimTypeReferenceId="dateOfBirth" />
                    </InputClaims>
                    <OutputClaims>
                        <!-- Claims parsed from your REST API -->
                        <OutputClaim ClaimTypeReferenceId="VerifiedDateOfBirth" />                       
                    </OutputClaims>
                    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
                </TechnicalProfile>
            </TechnicalProfiles>
        </ClaimsProvider>

以及技术简介:

    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
                    <DisplayName>Email signup</DisplayName>
                    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
                    <Metadata>
                        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
                        <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
                        <Item Key="language.button_continue">Create</Item>
                    </Metadata>
                    <CryptographicKeys>
                        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
                    </CryptographicKeys>
                    <InputClaims>
                        <InputClaim ClaimTypeReferenceId="email" />
                    </InputClaims>
                    <OutputClaims>
                        <OutputClaim ClaimTypeReferenceId="objectId" />
                        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
                        <OutputClaim ClaimTypeReferenceId="authenticationSource" />
                        <OutputClaim ClaimTypeReferenceId="newUser" />
                        <!-- Optional claims, to be collected from the user -->
                        <OutputClaim ClaimTypeReferenceId="displayName" />
                        <OutputClaim ClaimTypeReferenceId="givenName" />
                        <OutputClaim ClaimTypeReferenceId="surName" />
                        <OutputClaim ClaimTypeReferenceId="dateOfBirth" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="VerifiedDateOfBirth" Required="true" />
                    </OutputClaims>
                    <ValidationTechnicalProfiles>
                        <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
                        <ValidationTechnicalProfile ReferenceId="REST-Validation" />
                    </ValidationTechnicalProfiles>
                    <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
                </TechnicalProfile>

发生错误时,我在创建页面上看到以下错误:

我需要添加一些额外的配置吗?

您的验证配置文件的顺序在您的 LocalAccountSignUpWithLogonEmail 技术配置文件中很重要。看起来第一个验证是写入用户帐户。

试试这个:

<ValidationTechnicalProfiles>
  <ValidationTechnicalProfile ReferenceId="REST-Validation" />
  <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
</ValidationTechnicalProfiles>